Uploaded image for project: 'Apache Avro'
  1. Apache Avro
  2. AVRO-3658

Bump jackson to address CVE-2020-36518

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.11.1
    • 1.12.0
    • java

    Description

      Current version of Jackson dependency for AVRO/Java

      <jackson-bom.version>2.12.7.20221012</jackson-bom.version>

      bringsĀ CVE-2020-36518.

      This is covered by next versions, for example - in 

      <jackson-bom.version>2.13.4</jackson-bom.version>

      Attachments

        Activity

          People

            mgrigorov Martin Tzvetanov Grigorov
            pmoskotin Pavel Moskotin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h
                2h